{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T16:37:52Z","timestamp":1773247072450,"version":"3.50.1"},"reference-count":62,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179472","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"2921-2939","source":"Crossref","is-referenced-by-count":7,"title":["SecureCells: A Secure Compartmentalized Architecture"],"prefix":"10.1109","author":[{"given":"Atri","family":"Bhattacharyya","sequence":"first","affiliation":[{"name":"EPFL,EcoCloud"}]},{"given":"Florian","family":"Hofhammer","sequence":"additional","affiliation":[{"name":"EPFL,EcoCloud"}]},{"given":"Yuanlong","family":"Li","sequence":"additional","affiliation":[{"name":"EPFL,EcoCloud"}]},{"given":"Siddharth","family":"Gupta","sequence":"additional","affiliation":[{"name":"EPFL,EcoCloud"}]},{"given":"Andres","family":"Sanchez","sequence":"additional","affiliation":[{"name":"EPFL,EcoCloud"}]},{"given":"Babak","family":"Falsafi","sequence":"additional","affiliation":[{"name":"EPFL,EcoCloud"}]},{"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"EPFL,EcoCloud"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/proc.1975.9939"},{"key":"ref2","article-title":"Cloud computing without containers","author":"Bloom","year":"2018"},{"key":"ref3","first-page":"419","article-title":"Faasm: Lightweight isolation for efficient stateful serverless computing","volume-title":"2020 USENIX Annual Technical Conference, USENIX ATC 2020, July 15-17, 2020","author":"Shillaker"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/HPSR52026.2021.9481820"},{"key":"ref5","article-title":"Project fission","year":"2021"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446728"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-46604-5_10"},{"key":"ref8","first-page":"113","article-title":"An architectural overview of QNX","volume-title":"Proceedings of the Workshop on Micro-kernels and Other Kernel Architectures, Seattle, WA, USA, 27-28 April 1992s","author":"Hildebrand"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/800213.806531"},{"key":"ref10","first-page":"87","article-title":"UNIX as an application program","volume-title":"Proceedings of the Usenix Summer 1990 Technical Conference, Anaheim, California, USA, June 1990","author":"Golub"},{"key":"ref11","article-title":"Cve-2021-44228","year":"2021"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1629575.1629596"},{"key":"ref13","first-page":"49","article-title":"Light-weight contexts: An os abstraction for safety and performance","volume-title":"12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, Savannah, GA, USA, November 2-4, 2016","author":"Litton"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/605397.605429"},{"issue":"11","key":"ref15","volume":"2","author":"Guide","year":"2011","journal-title":"Intel\u00ae 64 and ia-32 architectures software developer\u2019s manual,\u201d Volumes 1-4"},{"key":"ref16","first-page":"241","article-title":"libmpk: Software abstraction for intel memory protection keys (intel mpk)","volume-title":"2019 USENIX Annual Technical Conference, USENIX ATC 2019, Renton, WA, USA, July 10-12, 2019","author":"Park"},{"key":"ref17","first-page":"1221","article-title":"ERIM: secure, efficient in-process isolation with protection keys (MPK)","volume-title":"28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019","author":"Vahldiek-Oberwagner"},{"key":"ref18","first-page":"1677","article-title":"Donky: Domain keys - efficient in-process isolation for RISC-V and x86","volume-title":"29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020","author":"Schrammel"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243748"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322218"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064217"},{"key":"ref22","first-page":"489","article-title":"Hodor: Intra-process isolation for high-throughput data plane libraries","volume-title":"2019 USENIX Annual Technical Conference, USENIX ATC 2019, Renton, WA, USA, July 10-12, 2019","author":"Hedayati"},{"key":"ref23","first-page":"83","article-title":"IMIX: in-process memory isolation extension","volume-title":"27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018","author":"Frassetto"},{"key":"ref24","first-page":"459","article-title":"Clickos and the art of network function virtualization","volume-title":"Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2014, Seattle, WA, USA, April 2-4, 2014","author":"Martins"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/isca.2014.6853202"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/322017.322025"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2015.9"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978327"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3384613.3384648"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3498688"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2016.12"},{"key":"ref32","first-page":"97","article-title":"Evolving mach 3.0 to A migrating thread model","volume-title":"USENIX Winter 1994 Technical Conference, San Francisco, California, USA, January 17-21, 1994, Conference Proceedings","author":"Ford"},{"key":"ref33","first-page":"273","article-title":"Privman: A library for partitioning applications","volume-title":"Proceedings of the FREENIX Track: 2003 USENIX Annual Technical Conference, June 9-14, 2003, San Antonio, Texas, USA","author":"Kilpatrick"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471839"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519582"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3144555.3144563"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24026"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2485922.2485943"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322223"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/micro.2012.32"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/isca52012.2021.00047"},{"key":"ref42","first-page":"66","article-title":"Redundant memory mappings for fast access to large memories","volume-title":"Proceedings of the 42nd Annual International Symposium on Computer Architecture, Portland, OR, USA, June 13-17, 2015","author":"Karakostas"},{"key":"ref43","article-title":"Preserving the virtual memory abstraction","author":"Bhattacharjee","year":"2017"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3363519"},{"key":"ref45","article-title":"The security architecture of the chromium browser","volume-title":"Technical report.","author":"Barth","year":"2008"},{"key":"ref46","first-page":"159","article-title":"Enigma: architectural and operating system support for reducing the impact of address translation","volume-title":"Proceedings of the 24th International Conference on Supercomputing, 2010, Tsukuba, Ibaraki, Japan, June 2-4, 2010","author":"Zhang"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2019.00002"},{"key":"ref48","article-title":"Control-flow enforcement technology specification","year":"2019"},{"key":"ref49","article-title":"The rocket chip generator","volume-title":"Tech. Rep. UCB\/EECS-2016-17","author":"Asanovic","year":"2016"},{"key":"ref50","article-title":"Risc-v open source supervisor binary interface","volume-title":"riscv-software src","year":"2022"},{"key":"ref51","article-title":"Arm armv8-a architecture registers","author":"L","year":"2022"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"ref53","first-page":"457","article-title":"The CHERI capability model: Revisiting RISC in an age of risk","volume-title":"ACM\/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, June 14-18, 2014.","author":"Woodruff"},{"key":"ref54","first-page":"45","article-title":"Beyond good and evil: Formalizing the security guarantees of compartmentalizing compilation","volume-title":"IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, June 27 -July 1, 2016.","author":"Juglaret"},{"key":"ref55","first-page":"1016","article-title":"Clean application compartmentalization with SOAAP","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015","author":"Gudka"},{"key":"ref56","first-page":"1351","article-title":"When good components go bad: Formally secure compilation despite dynamic compromise","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15-19, 2018","author":"Abate"},{"key":"ref57","first-page":"1409","article-title":"PKU pitfalls: Attacks on pku-based memory isolation systems","volume-title":"29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020","author":"Connor"},{"key":"ref58","article-title":"Jenny: Securing syscalls for pku-based memory isolation systems","volume-title":"USENIX Security Symposium","author":"Schrammel"},{"key":"ref59","article-title":"An introduction to access control on qualcomm snapdragon platforms","author":"Li","year":"2020"},{"key":"ref60","first-page":"685","article-title":"PACMAN: attacking ARM pointer authentication with speculative execution","volume-title":"ISCA \u201922: The 49th Annual International Symposium on Computer Architecture, New York, New York, USA, June 18 - 22, 2022","author":"Ravichandran","year":"2022"},{"key":"ref61","doi-asserted-by":"crossref","DOI":"10.1145\/3357033","article-title":"Meltdown: Reading kernel memory from user space","volume-title":"USENIX Security Symposium","author":"Lipp"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358306"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,21]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179472.pdf?arnumber=10179472","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,21]],"date-time":"2024-07-21T04:19:30Z","timestamp":1721535570000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179472\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":62,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179472","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}